Morning Edition · Friday, July 3, 2026
Anthropic redeploys Fable 5 with a stricter classifier it admits flags more benign code
The model returned July 1 after a 19-day suspension, and users report ordinary coding requests being rerouted to the pricier Opus 4.8.

Anthropic redeployed Claude Fable 5 globally on July 1 after a suspension, shipping a retrained safety classifier that the company says blocks over 99% of the reported jailbreak technique. In the same note it concedes the tradeoff directly. The new classifier "comes at the cost of flagging benign requests more often during routine coding and debugging tasks," and MarkTechPost confirms that it routes flagged cybersecurity, biology, and distillation queries to Opus 4.8 rather than answering with Fable.
This is where the user complaints start. The AI Post channel argues that strict guardrails severely degraded Fable 5 rather than merely weakening it, and in a separate post claims a developer paid 321 dollars for a session in which the classifier quietly routed roughly three-quarters of the work to Opus after flagging ordinary coding requests. Those figures are user-reported and unverified.
Anthropic's documentation disputes the billing charge specifically. Per the company's platform guidance, when a request is rerouted to Opus 4.8 the fallback input tokens are billed as a cache hit at 10% of the base rate rather than at full Opus pricing, and the reroute is said to trigger in fewer than 5% of sessions with a user notification. So the verified picture is a stricter classifier with more false positives on benign code, while the claim of large silent overcharges is contested and, by Anthropic's account, structurally prevented.
For engineers the actionable part is behavioral, not just financial. A classifier tuned to block 99% of a jailbreak will misclassify legitimate security and low-level systems work, which means Fable 5 users doing offensive-security research, malware analysis, or kernel work should expect refusals or reroutes and should design their pipelines to detect the fallback token in the response metadata.
- If true, who benefits
Anthropic, whose stricter classifier limits liability from the reported jailbreak while routing flagged work to the pricier Opus tier, a structure critics argue also steers billable volume upward.
- The nuance
The stricter classifier and higher false-positive rate are documented by Anthropic, but the large silent-overcharge claim rests on a single unverified user report that Anthropic's cache-hit billing (10% of base rate) is designed to prevent.
An open-source-intelligence read of how likely this story is true with its real nuance, not a judgment of any outlet. It assesses the claim, weighing independent and adversarial reporting. How we label confidence.
What this means
Safety tuning now has a measurable, visible cost to paying developers, and labs are being held to account for it in public. The episode shows the industry moving toward severity-graded jailbreak frameworks while accepting higher false-positive rates on benign work, a tradeoff that will push security-sensitive engineering toward models or self-hosted stacks with looser guardrails.
What to watch
- Whether Anthropic publishes the benign false-positive rate for the new classifier, which would move the overcharge debate from anecdote to data.
- The cross-lab jailbreak-severity rubric Anthropic is drafting with Amazon, Microsoft, and Google, since a shared scoring standard would shape how every major model gates security-adjacent requests.
Observations to monitor, not financial advice.
Synthesized from: Anthropic News · Polylog editors · MarkTechPost
Part of a tracked trend
AI Labs Gate Access and Face Accountability on Paid-Tier Promises
Over the next 3-6 months, frontier labs tighten who can use their consumer products — ID/KYC checks, usage-limit enforcement — while facing legal and customer pushback over what paid tiers actually deliver.
More from this edition
- Anthropic's Claude Sonnet 5 posts 92.4% on SWE-bench Verified, narrowing the price-to-capability gap
- Altman proposes handing the US government a 5% OpenAI stake worth roughly 42.6 billion dollars
- Google's electricity use jumped 37% in 2025 as its AI buildout outpaces grid decarbonization
- NVIDIA offers capital-light compute access in exchange for a cut of cloud revenue
- BMW puts Figure 03 humanoids to work on logistics sequencing at its Spartanburg plant
- Meta's Brain2Qwerty v2 decodes typed sentences from brain scans at 61% word accuracy
- Anthropic's Claude Science bets that scientific adoption is a workflow problem, not a model problem
- New papers attack the agent-safety gap with runtime firewalls and provenance tracing
- The cheapest capability gain now is spending fewer tokens
- Agentic coding tools produced a flood of new apps, and almost no downloads
- A fashion app shows what promptable vision foundation models look like in production